The TCP header contains a flag known as the reset (RST) flag. A TCP segment is sent with the RST flag whenever a segment arrives
that does not meet the criteria for a referenced connection. For example, a TCP segment is sent with an RST flag when a connection
request is received on the destination port, but no process is listening at that port.
This behavior is defined in RFC 793, Transmission Control Protocol, for host-to-host communication and implemented by various
vendors. However, for the network devices that reside on the network between hosts, specific rules have not been defined to
determine if the device should send the TCP RST segment to the connection initiator, receiver, or both when sessions (half-open,
idle, half-close) are cleared. Some devices send the TCP RST segment to both sender and receiver ports when a session is cleared,
while some devices silently remove the session in the session table without sending out any TCP RST segments.
The TCP Reset Segment Control feature provides a mechanism to configure whether a TCP RST segment should be sent when a session
is cleared for half-close, half-open, or idle sessions.
A half-open session is an unestablished session: it is initiated by a TCP synchronization (SYN) segment, but it remains incomplete
because the TCP three-way handshake has not finished. A timer is started for the session.
TCP provides the ability for one end of a connection to terminate its output while still receiving data from the other end
of the connection. This TCP state is called the half-close state. A session enters the half-close state when it receives the
first TCP FIN segment and starts a timer. If another segment is received before the session timeout occurs, then the timer
is restarted.
You can set the timeout value for half-open and half-close sessions by using the tcp synwait-time and tcp finwait-time commands, respectively. The default timeout value is 30 seconds.
An idle session is a TCP session that is active between two devices and no data is transmitted by either of the devices for
a prolonged period of time. You can set the timeout value for an idle session by using the
tcp idle-time command. The default timeout value for idle sessions is 3600 seconds.
When the timeout occurs on a TCP session and the session is cleared, the TCP RST segment is sent and the session is
reset only if TCP reset segment control is configured for those sessions.
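The timer and reset behavior described above can be modeled as a small session table. This is an added example, not code from the vendor or from this page: the `reset_on` setting is a hypothetical stand-in for the reset segment control configuration, and the sample traffic is constructed. Assumptions: the half-open timer is not restarted by later segments, and the model records only whether an RST would be sent, not which endpoint receives it.

```python
from dataclasses import dataclass

# Timer per session state; values are the defaults stated above (seconds).
TIMEOUT = {"half-open": 30, "half-close": 30, "idle": 3600}
@dataclass
class Session:
    state: str            # "half-open", "idle" (established) or "half-close"
    timer_start: float
    syn_ack_seen: bool = False

class SessionTable:
    """Simplified model of a middlebox session table, not vendor code."""
    def __init__(self, reset_on=()):
        self.reset_on = set(reset_on)   # hypothetical knob: states that get an RST
        self.sessions = {}

    def segment(self, key, flags, now):
        s = self.sessions.get(key)
        if s is None:
            if flags == {"SYN"}:        # initial SYN creates a half-open session
                self.sessions[key] = Session("half-open", now)
            return
        if s.state == "half-open":      # assumption: this timer is not restarted
            if flags == {"SYN", "ACK"}:
                s.syn_ack_seen = True
            elif flags == {"ACK"} and s.syn_ack_seen:
                s.state, s.timer_start = "idle", now   # handshake completed
            return
        if "FIN" in flags:
            s.state = "half-close"      # first FIN starts the half-close timer
        s.timer_start = now             # later segments restart the running timer

    def expire(self, now):
        """Clear timed-out sessions; return (key, state, rst_sent) for each."""
        cleared = []
        for key, s in list(self.sessions.items()):
            if now - s.timer_start >= TIMEOUT[s.state]:
                del self.sessions[key]
                cleared.append((key, s.state, s.state in self.reset_on))
        return cleared

def demo():
    # Constructed traffic: A never completes the handshake, B closes one side.
    table = SessionTable(reset_on={"half-close"})
    table.segment("A", {"SYN"}, 0)
    for t, flags in [(0, {"SYN"}), (1, {"SYN", "ACK"}), (2, {"ACK"}),
                     (10, {"FIN", "ACK"}), (35, {"ACK"})]:
        table.segment("B", flags, t)
    return table.expire(40), table.expire(64), table.expire(65)
```

In the demo, session A is removed silently because reset is not enabled for half-open sessions, while session B outlives its original 30-second half-close deadline because the segment at t=35 restarts the timer.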